Possible to pass incoming IP address to Agi script?

I’ve had some weird calls lately where my (HW) phone will ring and when I answer there is no sound. Caller ID is ‘unknown’ according to my phone and ‘’ according to asterisk log. This could be related to all the spam/hack call attempts that I seem to be getting lately (if that’s what they are).

I use a call-log.agi script and wonder if it’s possible to add caller IP into it? I know I can get that from the full log but it’d be handy to have the caller ID + IP + date/time etc in one log.

Why do you have allowguest enabled (or weak passwords)?

I didn’t have a setting for it. Why is it enabled by default?

It’s enabled by default to minimise the obstacles for people trying out Asterisk.

Right, so I can’t accept calls from just anyone unless I know beforehand who may want to call and set them up in sip.conf or extensions.conf I gather.

I’m not really likely to know from what IP someone is going to call me from so I think fail2ban may be more useful.

fail2ban only rate limits attacks.

Most people do know the addresses from which calls arrive.

I only really know my voip provider’s IP. For machine to machine calls I don’t.

Almost no-one does machine to machine calls outside of their intranet.

Ok, so I set allowguest=no but now I get my log filling up with lines like:

Sending fake auth rejection for device “wifi” sip:safecom@;tag=as12a66e20
Failed to authenticate on INVITE to ‘“wifi” sip:safecom@;tag=as12a66e20’

Note that safecom is my sip phone of type ‘peer’.

I also get those lines for non-existent extensions so I guess I’m still being probed?

This is what I have in sip.conf:




Any ideas of how I can clean up the log? I’m still new to voip so haven’t really tested all possible settings.

Block them at the router.

I don’t want to block my voip provider

Then add an accept rule, for them!

The other approach is to use an adaptive approach, like fail2ban, which lets the occasional attack through, but, as long as it is then blocked by Asterisk, suppresses ones from the same source for a period. fail2ban scans the security log and adds temporary rules to the Linux firewall.

However, rules applied at the router will block all attacks from untrusted addresses, not just a proportion of them.

Thing is, why is it giving those fake auths to my phone?

Probably because you are not registered.

Phone says it is

Decided to do it in iptables since my router doesn’t appear to allow block/allow rules without installing dd-wrt on it.